Disclosed herein are systems and methods for blocking network connections to network resources of forbidden categories. In one aspect, an exemplary method comprises, intercepting a certificate when a connection is being established between a client and a server, determining categories of resources to which a connection of the client is forbidden, determining a category of the intercepted certificate, the determination comprising: identifying a resource to which the intercepted certificate corresponds, determining whether the intercepted certificate is unknown, and determining the category of the intercepted certificate based on whether the certificate is unknown, extracting attributes from the intercepted certificate, and blocking the network connection when the determined category of the intercepted certificate is a category of the network resources to which the connection of the client is forbidden, or when the attributes extracted from the intercepted certificate are found to be similar to attributes of forbidden certificates.